Closed
Bug 130841
Opened 22 years ago
Closed 22 years ago
ORBZ.ORG has blackholed 207.200.81.216 (mothra.mozilla.org)
Categories
(mozilla.org Graveyard :: Server Operations, task)
Tracking
(Not tracked)
VERIFIED
FIXED
People
(Reporter: vecchioc, Assigned: daruszka)
orbz has blackholed 207.200.81.216 (mothra.mozilla.org). The mails from bugzilla are classified spam.
Comment 1•22 years ago
According to that site, mothra is an open relay - it's nothing to do with bugzilla mails being spam. -> server operations, critical
Assignee: endico → daruszka
Component: Bugzilla: Other moz.org Issues → Server Operations
QA Contact: myk → endico
Comment 2•22 years ago
Either this is fixed already or they're full of it.

dave@pismo [19:43 ~ 151] tcsh> telnet 207.200.81.215 25
Trying 207.200.81.215...
Connected to 207.200.81.215.
Escape character is '^]'.
220 gila.mozilla.org ESMTP Howdy! You got mail? Sendmail 8.10.0/8.10.0
helo chartermi.net
250 gila.mozilla.org Hello 24.247.101.145.gha.mi.chartermi.net [24.247.101.145], pleased to meet you
mail from:<justdave@novagate.com>
250 2.1.0 <justdave@novagate.com>... Sender ok
rcpt to:<justdave@syndicomm.com>
550 5.7.1 <justdave@syndicomm.com>... Relaying denied
quit
221 2.0.0 gila.mozilla.org closing connection
Connection closed by foreign host.
Comment 3•22 years ago
ok, let's try repeating that test with the correct IP address....

dave@pismo [20:02 ~ 152] tcsh> telnet 207.200.81.216 25
Trying 207.200.81.216...
Connected to 207.200.81.216.
Escape character is '^]'.
220 mothra.mozilla.org ESMTP Sendmail 8.9.3+Sun/8.9.1; Thu, 14 Mar 2002 17:06:49 -0800 (PST)
helo chartermi.net
250 mothra.mozilla.org Hello 24.247.101.145.gha.mi.chartermi.net [24.247.101.145], pleased to meet you
mail from:<justdave@novagate.com>
250 <justdave@novagate.com>... Sender ok
rcpt to:<justdave@syndicomm.com>
550 <justdave@syndicomm.com>... Relaying denied
quit
221 mothra.mozilla.org closing connection
Connection closed by foreign host.

OK, they're still full of it. :-)
Comment 4•22 years ago
OK, they're not full of it. It's a multi-stage thing. I just successfully exploited it. FWIW, ywing.aoltw.net is on the "outputs" list for the same reason.

dave@pismo [20:04 ~ 153] tcsh> telnet 207.200.81.216 25
Trying 207.200.81.216...
Connected to 207.200.81.216.
Escape character is '^]'.
220 mothra.mozilla.org ESMTP Sendmail 8.9.3+Sun/8.9.1; Thu, 14 Mar 2002 17:15:41 -0800 (PST)
helo chartermi.net
250 mothra.mozilla.org Hello 24.247.101.145.gha.mi.chartermi.net [24.247.101.145], pleased to meet you
mail from:<bugzilla-daemon@mozilla.org>
250 <bugzilla-daemon@mozilla.org>... Sender ok
rcpt to:<@mozilla.org:justdave@syndicomm.com>
250 <@mozilla.org:justdave@syndicomm.com>... Recipient ok
data
354 Enter mail, end with "." on a line by itself
To: justdave@syndicomm.com
From: bugzilla-daemon@mozilla.org
Subject: Relay test

blah blah test test
.
250 RAA27289 Message accepted for delivery
quit
221 mothra.mozilla.org closing connection
Connection closed by foreign host.

Return-Path: <bugzilla-daemon@mozilla.org>
Received: from ywing.netscape.com (ywing.aoltw.net [204.29.187.151])
    by sheridan.syndicomm.com (8.11.6/8.11.6) with ESMTP id g2F1EJ104256
    for <justdave@syndicomm.com>; Thu, 14 Mar 2002 17:14:19 -0800
Received: from mothra.mozilla.org (mothra.mozilla.org [207.200.81.216])
    by ywing.netscape.com (8.10.0/8.10.0) with ESMTP id g2F1BNg05455
    for <@mozilla.org:justdave@syndicomm.com>; Thu, 14 Mar 2002 17:11:23 -0800 (PST)
Received: from chartermi.net (24.247.101.145.gha.mi.chartermi.net [24.247.101.145])
    by mothra.mozilla.org (8.9.3+Sun/8.9.1) with SMTP id RAA27289
    for <@mozilla.org:justdave@syndicomm.com>; Thu, 14 Mar 2002 17:16:00 -0800 (PST)
Date: Thu, 14 Mar 2002 17:16:00 -0800 (PST)
From: bugzilla-daemon@mozilla.org
Message-Id: <200203150116.RAA27289@mothra.mozilla.org>
To: justdave@syndicomm.com
Subject: Relay test
X-UIDL: h`'!!FSo"!oCA"!==^!!

blah blah test test
Comment 5•22 years ago
mothra has been changed to send emails out directly to avoid other relays to go to the blacklists because of it. I don't see ywing on orbz list.
Comment 6•22 years ago
dave@pismo [22:18 ~ 151] tcsh> telnet mothra.mozilla.org 25
Trying 207.200.81.216...
Connected to mothra.mozilla.org.
Escape character is '^]'.
220 mothra.mozilla.org ESMTP Sendmail 8.9.3+Sun/8.9.1; Thu, 14 Mar 2002 19:21:11 -0800 (PST)
helo chartermi.net
250 mothra.mozilla.org Hello 24.247.101.145.gha.mi.chartermi.net [24.247.101.145], pleased to meet you
mail from:<bugzilla-daemon@mozilla.org>
250 <bugzilla-daemon@mozilla.org>... Sender ok
rcpt to:<@mozilla.org:justdave@syndicomm.com>
250 <@mozilla.org:justdave@syndicomm.com>... Recipient ok
data
354 Enter mail, end with "." on a line by itself
To: justdave@syndicomm.com
From: bugzilla-daemon@mozilla.org
Subject: Relay Test

blah blah test test
>.
250 TAA08379 Message accepted for delivery
quit
221 mothra.mozilla.org closing connection
Connection closed by foreign host.

Return-Path: <bugzilla-daemon@mozilla.org>
Received: from gila.mozilla.org (gila.mozilla.org [207.200.81.215])
    by sheridan.syndicomm.com (8.11.6/8.11.6) with ESMTP id g2F3Jw108516
    for <justdave@syndicomm.com>; Thu, 14 Mar 2002 19:19:58 -0800
Received: from mothra.mozilla.org (mothra.mozilla.org [207.200.81.216])
    by gila.mozilla.org with ESMTP id g2F3P6515258
    for <@mozilla.org:justdave@syndicomm.com>; Thu, 14 Mar 2002 19:25:06 -0800 (PST)
Received: from chartermi.net (24.247.101.145.gha.mi.chartermi.net [24.247.101.145])
    by mothra.mozilla.org (8.9.3+Sun/8.9.1) with SMTP id TAA08379
    for <@mozilla.org:justdave@syndicomm.com>; Thu, 14 Mar 2002 19:21:34 -0800 (PST)
Date: Thu, 14 Mar 2002 19:21:34 -0800 (PST)
From: bugzilla-daemon@mozilla.org
Message-Id: <200203150321.TAA08379@mothra.mozilla.org>
To: justdave@syndicomm.com
Subject: Relay Test
X-UIDL: me-!!h(i"!TKf!!-m5!!

blah blah test test

OK, so now it's using gila for a relay instead of ywing...
Comment 7•22 years ago
Since it's mothra which is on the blacklists, that may not help, unless it doesn't show up in the received line at all. It's mothra which is the problem - ywing is correctly relaying mail from within its own network.
Comment 8•22 years ago
correct. mothra needs to be configured to not accept any incoming mail that isn't destined for a user on mothra.
Comment 9•22 years ago
Yes, I know it's mothra which is the problem. I just don't want ywing/xwing to end up being problems, too. Sometimes these relay harvesters add all the systems to blacklists they see in the relay chain. Mothra used to use xwing/ywing as outbound relays and we can't risk those going to the blacklist. This is just a precaution because it might take a while to fix mothra.

Dave, no it's not relaying out through gila (except that I had it that way for 5 minutes and then I put it back to send emails out directly. We don't want gila to blacklists either). It relayed your email through gila because you said "@mozilla.org". Take a look at this example:

Mar 14 19:09:30 mothra.mozilla.org sendmail[7441]: TAA07439: to=rko@iki.fi, ctladdr=root (0/1), delay=00:00:38, xdelay=00:00:38, mailer=esmtp, relay=mail.iki.fi. [212.16.100.1], stat=Sent (FAA04010 Message accepted for delivery)
Mar 14 19:37:03 mothra.mozilla.org sendmail[9590]: TAA09544: to=<@rko.iki.fi:rkotalampi@aol.com>, delay=00:00:42, xdelay=00:00:01, mailer=esmtp, relay=rko.iki.fi. [63.193.121.247], stat=User unknown
Comment 10•22 years ago
Here's better example of email which was actually delivered to risto@kotalampi.com:

Mar 14 19:52:50 mothra.mozilla.org sendmail[10562]: TAA10562: from=<rko@iki.fi>, size=17, class=0, pri=30017, nrcpts=1, msgid=<200203150352.TAA10562@mothra.mozilla.org>, proto=SMTP, relay=adsl-63-193-121-247.dsl.snfc21.pacbell.net [63.193.121.247]
Mar 14 19:52:51 mothra.mozilla.org sendmail[10594]: TAA10562: to=<@kotalampi.com:risto@kotalampi.com>, delay=00:00:38, xdelay=00:00:01, mailer=esmtp, relay=sdxl.org. [63.193.121.247], stat=Sent (2.0.0 g2F3oFJ11959 Message accepted for delivery)
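Added example, not part of the bug thread: a Python sketch of how an operator could scan sendmail delivery logs like the ones quoted in comments 9 and 10 for source-routed recipients (`<@hop:mailbox>`) and see which were handed on. The sample lines are the to= lines quoted above; the function name, field names and the `local_domains` default are assumptions made for the example.

```python
import re

# Constructed sample: the three delivery (to=) lines quoted in comments 9 and 10.
SAMPLE_LOG = """\
Mar 14 19:09:30 mothra.mozilla.org sendmail[7441]: TAA07439: to=rko@iki.fi, ctladdr=root (0/1), delay=00:00:38, xdelay=00:00:38, mailer=esmtp, relay=mail.iki.fi. [212.16.100.1], stat=Sent (FAA04010 Message accepted for delivery)
Mar 14 19:37:03 mothra.mozilla.org sendmail[9590]: TAA09544: to=<@rko.iki.fi:rkotalampi@aol.com>, delay=00:00:42, xdelay=00:00:01, mailer=esmtp, relay=rko.iki.fi. [63.193.121.247], stat=User unknown
Mar 14 19:52:51 mothra.mozilla.org sendmail[10594]: TAA10562: to=<@kotalampi.com:risto@kotalampi.com>, delay=00:00:38, xdelay=00:00:01, mailer=esmtp, relay=sdxl.org. [63.193.121.247], stat=Sent (2.0.0 g2F3oFJ11959 Message accepted for delivery)
"""

# One sendmail delivery record: queue id, recipient list, next-hop relay, status.
LINE_RE = re.compile(
    r"sendmail\[\d+\]: (?P<qid>\w+): to=(?P<to>.+?), (?:ctladdr|delay)="
    r".*?relay=(?P<relay>\S+?)\.? \[(?P<ip>[\d.]+)\],.*?stat=(?P<stat>.*)$"
)
# Source-routed path: <@hop1,@hop2:mailbox>
ROUTE_RE = re.compile(r"<((?:@[^,:>]+,?)+):([^>]+)>")


def find_source_routed(log_text, local_domains=("mozilla.org",)):
    """Return one record per source-routed recipient seen in delivery lines."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a delivery record (for example a from= line)
        for route, mailbox in ROUTE_RE.findall(m["to"]):
            domain = mailbox.rsplit("@", 1)[-1].lower()
            hits.append({
                "qid": m["qid"],
                "hops": [h.lstrip("@") for h in route.split(",") if h],
                "final": mailbox,
                # final mailbox outside our domains: the host acted as a relay
                "external": domain not in local_domains,
                "next_hop": f'{m["relay"]} [{m["ip"]}]',
                "delivered": m["stat"].startswith("Sent"),
            })
    return hits


if __name__ == "__main__":
    for hit in find_source_routed(SAMPLE_LOG):
        print(hit)
```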
Comment 11•22 years ago
the @mozilla.org trick is exactly what ORBZ does in their test emails (that's where I got the idea from). So gila is still going to end up on the blacklists like this (or any other server someone decides to put in the alternate routing based on the examples you just posted). It's bad practice to allow an externally accessible email server to accept mail with alternate routing, because the primary use of it these days is for a spammer to trick your server into relaying (just like this).
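Added example, not from the thread and not sendmail's own logic: the recipient check described in comments 8 and 11, written in Python with a flawed version next to a stricter one. `LOCAL_DOMAINS`, the function names and the `client_is_trusted` flag are assumptions; the addresses are the ones used in the tests above.

```python
import re

# Assumption for the example: domains this host accepts mail for.
LOCAL_DOMAINS = {"mozilla.org", "mothra.mozilla.org"}


def naive_is_local(rcpt):
    """Flawed check: trusts the first domain that follows an '@'.

    For <@mozilla.org:user@elsewhere> that is the routing hop,
    not the domain the message finally goes to.
    """
    m = re.search(r"@([^:,>\s]+)", rcpt)
    return bool(m) and m.group(1).lower() in LOCAL_DOMAINS


def final_domain(rcpt):
    """Return the domain of the final mailbox, or None if the path is malformed."""
    path = rcpt.strip()
    if path.startswith("<") and path.endswith(">"):
        path = path[1:-1]
    if path.startswith("@"):
        # Source route "@hop1,@hop2:mailbox": drop the route, keep the mailbox.
        _route, sep, path = path.partition(":")
        if not sep:
            return None
    local, at, domain = path.rpartition("@")
    if not at or not local or not domain:
        return None
    return domain.lower()


def accept_rcpt(rcpt, client_is_trusted=False):
    """Accept only mail whose final mailbox is local, unless the client
    is one this host is meant to relay for (assumed to be decided elsewhere)."""
    domain = final_domain(rcpt)
    if domain is None:
        return False
    return client_is_trusted or domain in LOCAL_DOMAINS


if __name__ == "__main__":
    for rcpt in ("<@mozilla.org:justdave@syndicomm.com>",
                 "<bugzilla-daemon@mozilla.org>",
                 "<justdave@syndicomm.com>"):
        print(rcpt, "naive:", naive_is_local(rcpt), "strict:", accept_rcpt(rcpt))
```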
Comment 12•22 years ago
*** Bug 131305 has been marked as a duplicate of this bug. ***
Comment 13•22 years ago
.. and gila is now blocked as an output. http://orbz.org/b.php?207.200.81.215
Comment 14•22 years ago
gila is now blacklisted on spamcop as well: http://spamcop.net/bl.shtml?207.200.81.215 We're getting multiple complaints from Bugzilla users about not receiving their bugmail...
Severity: critical → blocker
Comment 15•22 years ago
It appears that gila is on spamcop because gila is stripping all received lines on mail it sends out (or, if this started from news and got converted to mail by the gateway, maybe it's just the first one in the list). So spamcop sees gila.m.o as the source of all this spam and blocks it because of the amount of spam coming from that server.

See bug 63735 and http://spamcop.net/w3m?action=checkblock&ip=207.200.81.215

Being listed as an orbz output now won't help matters, either.
Comment 16•22 years ago
FYI, the listing for mothra now lists the following:

Associated Outputs
204.29.187.151
207.200.81.215

204.29.187.151 = ywing.aoltw.net

If I look it up directly it's not showing up on the list, but because of the above association it very likely will very soon.
Comment 17•22 years ago
Sorry, but is there a chance for fixing it soon? I miss the post for 3 days now. It's like living without knowing what is going on on the planet... :( BTW will I receive all unreceived messages? Tnx.
Comment 18•22 years ago
Eugene: blocking of mail based on DNSBL lists like ORBZ is done by the recipient's ISP. You would need to ask your ISP about that. It's very likely if you didn't receive it that they either tossed it in the bit bucket or bounced it back to mozilla.org (which would have just tossed it in the bit bucket). It's very unlikely that an ISP would choose to cache those emails in case the blacklisting was removed.
Comment 19•22 years ago
spamcop is listing gila because of its news gateway which is probably throwing a lot of spams out. That is not mothra's fault AFAIK. I still don't understand why gila or ywing/xwing would be on any of open relays lists. mothra sends emails out directly nowadays - it's not using gila nor xwing/ywing as relays.
Comment 20•22 years ago
gila was the relay temporarily, I thought (see comment 6), and ywing was for the past several years at least. There's a box on the orbz page to get the server retested - if ywing/gila don't have the same problem which mothra has, you could submit it to that. Not sure if that clears outputs - they may only be cleared once the original input is cleared. If those machines do have the problem, then submitting it for a retest will get it blocked on the inputs link, too, which you probably don't want...
Comment 21•22 years ago
upgraded sendmail on mothra. This should fix the problem for now. I'll try resubmitting mothra on orbz.
Comment 22•22 years ago
test
Comment 23•22 years ago
orbz says we're clean now :)

ORBZ Database Information
IP: 207.200.81.216
State: clean
Listed in inputs: no
Listed in outputs: no (What's the difference between inputs and outputs?)
Last Test: 2002-03-18 20:41:29 UTC
Last Test Result: all probes refused
---------------------------------------------------------
=========================================================
See any known spam from this host (off-site link)
(SpamCop reports have no bearing whatsoever on ORBZ listings)
=========================================================
Direct DNS Lookups
ORBZ DNS lookups lag behind database information.
inputs.orbz.org: listed (Open relay input. See http://orbz.org/?207.200.81.216)
outputs.orbz.org: clean
relays.ordb.org: clean
orbs.dorkslayers.com: clean
dev.null.dk: clean
relays.osirusoft.com: clean
bl.spamcop.net: clean
relays.visi.com: clean
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
Comment 24•22 years ago
Yes, the server is out of orbz now. My ISP's mailserver doesn't tag bugmail as spam anymore.
Status: RESOLVED → VERIFIED
Comment 25•22 years ago
dave@pismo [21:37 ~ 151] tcsh> nslookup 216.81.200.207.inputs.orbz.org
Server: router.hollar.lan
Address: 192.168.1.254

*** router.hollar.lan can't find 216.81.200.207.inputs.orbz.org: Non-existent host/domain

Confirmed. Thanks Mark!
Comment 26•22 years ago
I still don't get any bugmail and my ISP says it is not its fault.
Comment 27•22 years ago
yes, it is your isp's fault. they're still blocking our mail despite (or because of) the fact that orbz no longer exists.

http://derf.cc/orbz_shutdown.txt
http://slashdot.org/article.pl?sid=02/03/20/1528246&mode=thread

there are a whopping 76K deferred messages for you in our current syslog starting may 17. Here is the most recent. I should delete your mail from the queue. Mothra has better things to do than argue with your isp.

Mar 21 18:03:25 mothra.mozilla.org sendmail[29181]: g2K5Ecu10515: to=mozbug@durys.net, ctladdr=nobody (60001/60001), delay=1+20:48:47, xdelay=00:00:01, mailer=esmtp, pri=54030616, relay=mx1.ovh.net. [213.186.33.29], dsn=4.3.0, stat=Deferred: 451 Open relay. Please see http://orbz.org/?207.200.81.216
Updated•9 years ago
Product: mozilla.org → mozilla.org Graveyard